package com.it.shiro.config;

import org.apache.catalina.Manager;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.pam.AllSuccessfulStrategy;
import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

/**
 * ClassName:ShiroConfig
 * Package:com.it.shiro.config
 * Description: 描述信息
 *
 * @date:2022/3/30 11:16
 * @author:动力节点
 */
@Configuration
public class ShiroConfig {



    //1、Realm 代表系统资源
//    @Bean
//    public Realm myRealm(){
//        return new MyRealm();
//    }

    @Bean
    //2、SecurityManager 流程控制
    public DefaultWebSecurityManager getSecurityManager(AuthorizingRealm myRealm, AuthenticatingRealm mobileRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        //设置加密类型
        matcher.setHashAlgorithmName("MD5");
        //设置迭代器的次数
        matcher.setHashIterations(3);
        //做凭证匹配，
        myRealm.setCredentialsMatcher(matcher);
        mobileRealm.setCredentialsMatcher(matcher);
        //securityManager.setRealm(myRealm);
        securityManager.setRealms(Arrays.asList(myRealm,mobileRealm));
        //多realm认证策略
        ModularRealmAuthenticator authenticator = new ModularRealmAuthenticator();
        authenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
        authenticator.setRealms(Arrays.asList(myRealm,mobileRealm));
        securityManager.setAuthenticator(authenticator);

        //记住我功能
        CookieRememberMeManager cookieRemember = new CookieRememberMeManager();

        Cookie cookie = new SimpleCookie("rememberMe");
        cookie.setHttpOnly(true);
        cookie.setMaxAge(10);
        cookieRemember.setCookie(cookie);
        securityManager.setRememberMeManager(cookieRemember);

        //session
        MemoryConstrainedCacheManager cache = new MemoryConstrainedCacheManager();
        securityManager.setCacheManager(cache);
        return securityManager;
    }

    /**
     *
     * @param getSecurityManager
     * @return ShiroFilterFactoryBean 请求过滤器
     */
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager getSecurityManager){
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(getSecurityManager);
        //配置路径过滤器
        Map<String,String> filterMap = new HashMap<>();
        //配置ant路径 key是ant路径，支持**代表多级路径，*代表单级路径
        //key是ant路径,value配置shiro的默认过滤器,配置DefaultFilter中的key
        //auth,authc 需要，登录才能访问,perms 设置权限,
        //表示两个资源都需要登录才能访问
//        filterMap.put("/mobile/**","authc,perms[mobile]");
//        filterMap.put("/salary/**","authc,perms[salary]");
        filterMap.put("/common/logout","logout");
        factoryBean.setFilterChainDefinitionMap(filterMap);
        factoryBean.setLoginUrl("/index.html");
        factoryBean.setUnauthorizedUrl("/common/unauthorized");
        return factoryBean;

    }
}
